Solved
Forum Discussion
Nikoolayy1
Jul 23, 2023MVP
Yes, maybe I am doing the test wrong, still another big issue is that Nginx App Protect also has the option for custom signatures (Configuration | NGINX Ingress Controller) but for now XC Distributed cloud does not and even with all signatures enabled and not in staging the RFI attack is not blocked on XC.
As a test backend with metasploitable 3 you can exploit this vunrability as seen in your picture with the query "page" parameter.